Lucene search
K

649 matches found

NVD
NVD
added 2025/10/15 9:15 a.m.18 views

CVE-2025-10133

The URLYar URL Shortner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'urlyarshortlink' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00214EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/15 8:26 a.m.9 views

CVE-2025-10194 Shortcode Button <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Shortcode Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00265EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/15 8:25 a.m.5 views

CVE-2025-10140 Quick Social Login <= 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Quick Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quick-login' shortcode in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00265EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/15 8:25 a.m.7 views

EUVD-2025-34552

The WP ViewSTL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'viewstl' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.4CVSS4.7AI score0.00214EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/15 8:25 a.m.1 views

CVE-2025-10139 WP BookWidgets <= 0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP BookWidgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bwlink' shortcode in all versions up to, and including, 0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS4.7AI score0.00276EPSS
Exploits0References3
OSV
OSV
added 2025/10/15 7:15 a.m.11 views

CVE-2025-11160

The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS module in all versions up to, and including, 8.6.1. This is due to insufficient input sanitization and output escaping of user-supplied JavaScript code in the Custom JS module. This makes...

5.4CVSS6AI score
Exploits0References2
Cvelist
Cvelist
added 2025/10/15 5:23 a.m.7 views

CVE-2025-8561 Ova Advent <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Ova Advent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.4CVSS0.00211EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/14 12:0 a.m.7 views

PT-2025-41932

Name of the Vulnerable Software and Affected Versions Centreon Infra Monitoring versions 23.10.0 through 23.10.28 Centreon Infra Monitoring versions 24.04.0 through 24.04.18 Centreon Infra Monitoring versions 24.10.0 through 24.10.13 Description The software contains a flaw related to improper...

6.8CVSS6.2AI score0.00235EPSS
Exploits0References3
CVE
CVE
added 2025/10/11 7:25 a.m.19 views

CVE-2025-11197

CVE-2025-11197 concerns the Draft List plugin for WordPress, vulnerable to Stored Cross-Site Scripting via the drafts shortcode in all versions up to 2.6.1. The attacker must have contributor-level access or higher to inject scripts that execute when users load injected pages. Connected sources c...

6.4CVSS4.7AI score0.00211EPSS
Exploits0References3
CVE
CVE
added 2025/10/11 2:24 a.m.17 views

CVE-2025-9560

CVE-2025-9560 relates to the WordPress plugin Colibri Page Builder (versions through 1.0.334). It describes a Stored XSS vulnerability in the colibri_newsletter shortcode due to insufficient input sanitization and output escaping. Exploitation requires authentication at contributor level or highe...

6.4CVSS4.6AI score0.00211EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/11 12:0 a.m.6 views

PT-2025-41646

Name of the Vulnerable Software and Affected Versions Enable Media Replace plugin for WordPress versions up to and including 4.1.6 Description The software is susceptible to Stored Cross-Site Scripting through the file modified shortcode. Insufficient input sanitization and output escaping on...

6.4CVSS5.3AI score0.00218EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/10/11 12:0 a.m.7 views

PT-2025-41643

Name of the Vulnerable Software and Affected Versions Draft List plugin for WordPress versions prior to 2.6.1 Description The software contains a flaw due to insufficient input sanitization and output escaping on user supplied attributes within the 'drafts' shortcode. This allows authenticated...

6.4CVSS6.5AI score0.00211EPSS
Exploits0References7
OSV
OSV
added 2025/10/08 1:15 p.m.5 views

CVE-2025-60298

Novel-Plus up to 5.2.4 was discovered to contain a Stored Cross-Site Scripting XSS vulnerability via the /author/updateIndexName endpoint. This vulnerability allows authenticated attackers to inject malicious JavaScript code through the indexName parameter, which gets stored in the database and...

5.4CVSS5.7AI score
Exploits0References3
Cvelist
Cvelist
added 2025/10/07 11:14 p.m.8 views

CVE-2025-61999 OPEXUS FOIAXpress stored XSS via logo image

OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to upload JavaScript or other content embedded in an SVG image used as a logo. Injected content is executed in the context of other users when they view affected pages. Successful exploitation allows the administrative user to perfo...

4.8CVSS0.0022EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-30313

Malicious code in bioql PyPI...

6.4CVSS6.4AI score0.00223EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-17927

Malicious code in bioql PyPI...

5.4CVSS6.4AI score0.00279EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-27128

Malicious code in bioql PyPI...

6.4CVSS6.4AI score0.00216EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-29168

Malicious code in bioql PyPI...

4.6CVSS6.4AI score0.00219EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-28467

Malicious code in bioql PyPI...

7.1CVSS6.6AI score0.00113EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-31693

Malicious code in bioql PyPI...

6.4CVSS6.6AI score0.00224EPSS
Exploits0References3
Rows per page
Query Builder